Skip to content

24062026 Coverity fixes#10773

Open
rlm2002 wants to merge 9 commits into
wolfSSL:masterfrom
rlm2002:coverity
Open

24062026 Coverity fixes#10773
rlm2002 wants to merge 9 commits into
wolfSSL:masterfrom
rlm2002:coverity

Conversation

@rlm2002

@rlm2002 rlm2002 commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Description

  • Logically dead code
    • 561219: remove XBADFILE check
    • 561215/561216: remove dead check
  • Untrusted loop bound
    • 561218: Add bounds check to test helper
  • Overflowed return value
    • 561217: move casts and harden function
  • Unchecked return value
  • 561216/561205: Remove call to remove(pubFile/privFile), add (void) cast
  • Assign instead of compare
    • 561214: change ExpectTrue() to assignment
  • Untrusted pointer read
    • 561207: Bound tainted lengths in ECH test helper

Testing

./configure --enable-all && make check

@rlm2002 rlm2002 self-assigned this Jun 24, 2026
@rlm2002 rlm2002 marked this pull request as ready for review June 25, 2026 15:11
@github-actions

github-actions Bot commented Jun 25, 2026

Copy link
Copy Markdown

retest this please

@github-actions

github-actions Bot commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown

MemBrowse Memory Report

No memory changes detected for:

@rlm2002 rlm2002 assigned wolfSSL-Bot and unassigned rlm2002 Jun 25, 2026
dgarske
dgarske reviewed Jun 25, 2026
View reviewed changes

@dgarske dgarske left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Skoll Code Review

Scan type: reviewOverall recommendation: COMMENT
Findings: 1 total — 1 posted, 0 skipped
1 finding(s) posted as inline comments (see file-level comments below)

Posted findings

  • [Info] *Adjacent dead data == NULL check left in place after dead-code cleanupsrc/ocsp.c:1189-1192

Review generated by Skoll

Comment thread src/ocsp.c Outdated
@@ -1190,8 +1190,6 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
return NULL;
if (*data == NULL)
return NULL;

@dgarske dgarske Jun 25, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

*⚪ [Info] Adjacent dead data == NULL check left in place after dead-code cleanup

This PR removes the redundant if (len <= 0) return NULL; because line 1189 (if (data == NULL || *data == NULL || len <= 0) return NULL;) already covers it. That same combined guard also already covers the immediately-following if (*data == NULL) return NULL; on lines 1191-1192, which is therefore unreachable/dead in exactly the same way. This is pre-existing (the diff did not add it), so it is out of strict scope, but since the PR's stated theme is removing logically-dead code, a reviewer would reasonably remove this adjacent duplicate at the same time. No correctness impact either way.

Fix: Optionally drop the redundant if (*data == NULL) return NULL; for consistency with the dead-code cleanup in this PR. Not blocking; pre-existing and harmless.

@rlm2002 rlm2002 Jun 25, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix applied, thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgarske dgarske dgarske approved these changes

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rlm2002 @dgarske @wolfSSL-Bot